Apache HTTP Server Version 1.3

Overview of New Features in Apache 1.3

New features with this release, as extensions of the Apache
functionality. Because the core code has changed so
significantly, there are certain liberties that earlier
versions of Apache (and the NCSA daemon) took that recent
Apache versions are pickier about - please check the compatibility notes if you
have any problems.

If you're upgrading from Apache 1.2, you may wish to read
the upgrade notes.

Apache modules may now be loaded at runtime; this means
that modules can be loaded into the server process space only
when necessary, thus overall memory usage by Apache will be
significantly reduced. DSO currently is supported on FreeBSD,
OpenBSD, NetBSD, Linux, Solaris, SunOS, Digital UNIX, IRIX,
HP/UX, UnixWare, NetWare, AIX, ReliantUnix and generic SVR4
platforms.

Apache now supports the Windows NT and Windows 2000
operating systems. While Apache may run on Windows 95, 98, or
ME, these consumer products are never recommended for
production environments, and their use remains experimental.
All versions of Apache running on Windows prior to 1.3.15
should be considered beta quality releases.

The source files for Apache have been re-organized. The
main difference for Apache users is that the "Module" lines
in Configuration have been replaced with
"AddModule" with a slightly different syntax. For module
authors there are some changes designed to make it easier for
users to add their module.

Reliable Piped Logs

On almost all Unix architectures Apache now implements
"reliable" piped logs in mod_log_config. Where
reliable means that if the logging child dies for whatever
reason, Apache will recover and respawn it without having to
restart the entire server. Furthermore if the logging child
becomes "stuck" and isn't reading its pipe frequently enough
Apache will also restart it. This opens up more opportunities
for log rotation, hit filtering, real-time splitting of
multiple vhosts into separate logs, and asynchronous DNS
resolving on the fly.

The low level I/O routines use writev (where
available) to issue multiple writes with a single system
call. They also avoid copying memory into buffers as much as
possible. The result is less CPU time spent on transferring
large files.

Static requests are served using mmap, which
means bytes are only copied from the disk buffer to the
network buffer directly by the kernel. The program never
copies bytes around, which reduces CPU time. (Only where
available/tested.)

When presented with a load spike, the server quickly
adapts by spawning children at faster rates.

The code which dispatches modules was optimized to avoid
repeatedly skipping over modules that don't implement certain
phases of the API. (This skipping showed up as 5% of the CPU
time on profiles of a server with the default module
mix.)

Revamp of the Unix scoreboard management code so that
less time is spent counting children in various states.
Previously a scan was performed for each hit, now it is
performed only once per second. This should be noticeable on
servers running with hundreds of children and high
loads.

(Apache 1.3.4) The contents of the three server
configuration files (httpd.conf,
srm.conf, and access.conf) have
been merged into a single httpd.conf file. The
srm.conf and access.conf files are
now empty except for comments directing the Webmaster to look
in httpd.conf. In addition, the merged
httpd.conf file has been restructured to allow
directives to appear in a hopefully more intuitive and
meaningful order.

Continuation Lines in config files

Directive lines in the server configuration files may now
be split onto multiple lines by using the canonical Unix
continuation mechanism, namely a '\' as the last non-blank
character on the line to indicate that the next line should
be concatenated.

Apache Autoconf-style Interface
(APACI)

Until Apache 1.3 there was no real out-of-the-box
batch-capable build and installation procedure for the
complete Apache package. This is now provided by a top-level
configure script and a corresponding top-level
Makefile.tmpl file. The goal is to provide a GNU
Autoconf-style frontend which is capable to both drive the
old src/Configure stuff in batch and
additionally installs the package with a GNU-conforming
directory layout. Any options from the old configuration
scheme are available plus a lot of new options for flexibly
customizing Apache.Note: The default installation layout has
changed for Apache 1.3.4. See the files
README.configure and INSTALL for
more information.

APache eXtenSion (APXS) support
tool

Now that Apache provides full support for loading modules
under runtime from dynamic shared object (DSO) files, a new
support tool apxs was created which provides
off-source building, installing and activating of those
DSO-based modules. It completely hides the platform-dependent
DSO-build commands from the user and provides an easy way to
build modules outside the Apache source tree. To achieve this
APACI installs the Apache C header files together with the
apxs tool.

The default directory for the Apache ServerRoot changed
from the NCSA-compatible /usr/local/etc/httpd/
to /usr/local/apache/. This change covers only
the default setting (and the documentation); it is of course
possible to override it using the -d
ServerRoot and -f httpd.conf switches
when starting apache.

Improved HTTP/1.1-style Virtual
Hosts

The new NameVirtualHost
directive is used to list IP address:port pairs on which
HTTP/1.1-style virtual hosting occurs. This is vhosting based
on the Host: header from the client. Previously
this address was implicitly the same as the "main address" of
the machine, and this caused no end of problems for users,
and was not powerful enough. Please see the Apache Virtual Host documentation for
further details on configuration.

Include directive

The Include
directive includes other config files immediately at that
point in parsing.

-S command line option for debugging vhost
setup

If Apache is invoked with the -S command
line option it will dump out information regarding how it
parsed the VirtualHost sections. This is useful
for folks trying to debug their virtual host
configuration.

Control of HTTP methods

<LimitExcept>
and </LimitExcept> are used to enclose a group of
access control directives which will then apply to any HTTP
access method not listed in the arguments; i.e., it is the
opposite of a <Limit> section and can be used to
control both standard and nonstandard/unrecognized
methods.

The optional content negotiation (MultiViews) module has
been completely overhauled for Apache 1.3.4, incorporating
the latest HTTP/1.1 revisions and the experimental
Transparent Content Negotion features of RFC 2295 and RFC
2296.

The optional mod_mime_magic has been added.
It uses "magic numbers" and other hints from a file's
contents to figure out what the contents are. It then uses
this information to set the file's media type, if it cannot
be determined by the file's extension.

mod_unique_id can be
included to generate a unique identifier that distinguishes a
hit from every other hit. ("Unique" has some restrictions on
it.) The identifier is available in the environment variable
UNIQUE_ID.

mod_proxy enhancements:

Easier and safer authentication for ftp proxy logins:
When no ftp user name and/or password is specified in the
URL, but the destination ftp server requires one, Apache
now returns a "[401] Authorization Required" status. This
status code usually makes the client browser pop up an
"Enter user name and password" dialog, and the request is
retried with the given user authentification. That is
slightly more secure than specifying the authentication
information as part of the request URL, where it could be
logged in plaintext by older proxy servers.

The new AllowCONNECT directive allows
configuration of the port numbers to which the proxy
CONNECT method may connect. That allows proxying to
https://some.server:8443/ which resulted in an error
message prior to Apache version 1.3.2.

The proxy now supports the HTTP/1.1 "Via:" header as
specified in RFC2068. The new ProxyVia
directive allows switching "Via:" support off or on, or
suppressing outgoing "Via:" header lines altogether for
privacy reasons.

The "Max-Forwards:" TRACE header specified in
HTTP/1.1 is now supported. With it, you can trace the
path of a request along a chain of proxies (if they, too,
support it).

The string-based server-side include (SSI) flow-control
directives now include comparison for less-than (<),
less-than-or-equal (<=), greater-than (>), and
greater-than-or-equal (>=). Previously comparisons could
only be made for equality or inequality.

ServerRoot relative auth filenames

Auth filenames for the various authentication modules are
now treated as relative to the ServerRoot if they are not
full paths.

The IndexOptions
directive now allows the use of incremental prefixes (+/-
to add/remove the respective keyword feature, as was
already possible for the Options directive) to
its keyword arguments. Multiple IndexOptions directives
applying to the same directory will now be merged.

IconHeight and IconWidth let you set height
and width attributes to the <IMG> tag
in directory listings.

Starting with 1.3.15, the server will satisfy
directory requests with the cache controls ETag and
LastModified, if IndexOptions includes the TrackModified
directive. The server will not need to generate the
listing if the client determines the request has not
changed, improving performance. Due to its experimental
nature, this feature is not enabled by default.

Less Buffering of CGI Script Output

In previous versions of Apache, the output from CGI
scripts would be internally buffered by the server, and
wouldn't be forwarded to the client until either the buffers
were full or the CGI script completed. As of Apache 1.3, the
buffer to the client is flushed any time it contains
something and the server is waiting for more information from
the script. This allows CGI script to provide partial status
reports during long processing operations.

Allows additional information to be listed along with a
specified module.

Absence of any TransferLog disables
logging

If no TransferLog
directive is given then no log is written. This supports
co-existence with other logging modules.

Ability to name logging formats

The LogFormat
directive has been enhanced to allow you to give nicknames to
specific logging formats. You can then use these nicknames in
other LogFormat and CustomLog
directives, rather than having to spell out the complete log
format string each time.

Conditional logging

mod_log_config
now supports logging based upon environment variables.
mod_log_referer and mod_log_agent are now deprecated.

The new map types `Randomized Plain Text' and `Internal
Function' were added to the RewriteMap directive
of mod_rewrite. They provide two new features: First, you now
can randomly choose a sub-value from a value which was
looked-up in a rewriting map (which is useful when choosing
between backend servers in a Reverse Proxy situation).
Second, you now can translate URL parts to fixed (upper or
lower) case (which is useful when doing mass virtual hosting
by the help of mod_rewrite).

CIDR and Netmask access control

mod_access directives
now support CIDR (Classless Inter-Domain Routing) style
prefixes, and netmasks for greater control over IP access
lists.

A new phase for Apache's API is called once per
"heavy-weight process," before any requests are handled. This
allows the module to set up anything that need to be done
once per processes. For example, connections to
databases.

child_exit

A new phase called once per "heavy-weight process," when
it is terminating. Note that it can't be called in some fatal
cases (such as segfaults and kill -9). The
child_init and child_exit functions
are passed a pool whose lifetime is the same as the lifetime
of the child (modulo completely fatal events in which Apache
has no hope of recovering). In contrast, the module
init function is passed a pool whose lifetime
ends when the parent exits or restarts.

child_terminate

Used in the child to indicate the child should exit after
finishing the current request.

register_other_child

See http_main.h. This is used in the parent
to register a child for monitoring. The parent will report
status to a supplied callback function. This allows modules
to create their own children which are monitored along with
the httpd children.

piped_log

See http_log.h. This API provides the common
code for implementing piped logs. In particular it implements
a reliable piped log on architectures supporting it
(i.e., Unix at the moment).

scoreboard format changed

The scoreboard format is quite different. It is
considered a "private" interface in general, so it's only
mentioned here as an FYI.

set_last_modified split into
three

The old function set_last_modified performed
multiple jobs including the setting of the
Last-Modified header, the ETag
header, and processing conditional requests (such as IMS).
These functions have been split into three functions:
set_last_modified, set_etag, and
meets_conditions. The field mtime
has been added to request_rec to facilitate
meets_conditions.

New error logging function:
ap_log_error

All old logging functions are deprecated, we are in the
process of replacing them with a single function called
ap_log_error. This is still a work in
progress.

set_file_slot for config
parsing

The set_file_slot routine provides a
standard routine that prepends ServerRoot to non-absolute
paths.

post_read_request module
API

This request phase occurs immediately after reading the
request (headers), and immediately after creating an internal
redirect. It is most useful for setting environment variables
to affect future phases.

Test if the request is the initial request
(i.e., the one coming from the client).

kill_only_once

An option to ap_spawn_child functions which
prevents Apache from aggressively trying to kill off the
child.

alloc debugging code

Defining ALLOC_DEBUG provides a rudimentary
memory debugger which can be used on live servers with low
impact -- it sets all allocated and freed memory bytes to
0xa5. Defining ALLOC_USE_MALLOC will cause the
alloc code to use malloc() and
free() for each object. This is far more
expensive and should only be used for testing with tools such
as Electric Fence and Purify. See main/alloc.c
for more details.

ap_cpystrn

The new strncpy "lookalike", with slightly
different semantics is much faster than strncpy
because it doesn't have to zero-fill the entire buffer.

table_addn, table_setn,
table_mergen

These new functions do not call
pstrdup on their arguments. This provides for
big speedups. There is also some debugging support to ensure
code uses them properly. See src/CHANGES for
more information.

construct_url

The function prototype for this changed from taking a
server_rec * to taking a request_rec
*.

get_server_name,
get_server_port

These are wrappers which deal with the UseCanonicalName
directive when retrieving the server name and port for a
request.

Change to prototype for
ap_bspawn_child and
ap_call_exec

Added a child_info * to spawn
function (as passed to ap_bspawn_child) and to
ap_call_exec to allow children to work correctly
on Win32. We also cleaned up the nomenclature a bit,
replacing spawn_child_err with simply
ap_spawn_child and
spawn_child_err_buff with simply
ap_bspawn_child.

ap_add_version_component()

This API function allows for modules to add their own
additional server tokens which are printed on the on the
Server: header line. Previous 1.3beta versions
had used a SERVER_SUBVERSION compile-time
#define to perform this function. Whether the
tokens are actually displayed is controlled by the new
ServerTokens directive.

As a premiere, this version of Apache comes with a beta
version of a port to a mainframe machine which uses the
EBCDIC character set as its native codeset (It is the SIEMENS
family of mainframes running the BS2000/OSD operating system
on a IBM/390 compatible processor. This mainframe OS nowadays
features a SVR4-like POSIX subsystem).

The AccessFileName directive can now take
more than one filename. This lets sites serving pages from
network file systems and more than one Apache web server,
configure access based on the server through which shared
pages are being served.

HostnameLookups now defaults to
"Off"

The HostnameLookups
directive now defaults to "Off". This means that, unless
explicitly turned on, the server will not resolve IP
addresses into names. This was done to spare the Internet
from unnecessary DNS traffic.

Double-Reverse DNS enforced

The HostnameLookups
directive now supports double-reverse DNS. (Known as
PARANOID in the terminology of tcp_wrappers.) An IP
address passes a double-reverse DNS test if the forward map
of the reverse map includes the original IP. Regardless of
the HostnameLookups setting, mod_access access lists using
DNS names require all names to pass a
double-reverse DNS test. (Prior versions of Apache required a
compile-time switch to enable double-reverse DNS.)

On boot Apache will now detach from stdin, stdout, and
stderr. It does not detach from stderr until it has
successfully read the config files. So you will see errors in
the config file. This should make it easier to start Apache
via rsh or crontab.

The default timefmt string used by mod_include has
been modified to display the year using four digits rather
than the two-digit format used previously. The mod_autoindex
module has also been modified to display years using four
digits in FancyIndexed directory listings.

Common routines Moving to a Separate
Library

There are a number of functions and routines that have
been developed for the Apache project that supplement or
supersede library routines that differ from one operating
system to another. While most of these are used only by the
Apache server itself, some are referenced by supporting
applications (such as htdigest), and these other
applications would fail to build because the routines were
built only into the server. These routines are now being
migrated to a separate subdirectory and library so they can
be used by other applications than just the server. See the
src/ap/ subdirectory.

This directive optionally adds a line containing the
server version and virtual host name to server-generated
pages (error documents, ftp directory listings, mod_info
output etc.). This makes it easier for users to tell
which server produced the error message, especially in a
proxy chain (often found in intranet environments).

This directive gives control over how Apache creates
self-referential URLs. Previously Apache would always use the
ServerName and Port directives to construct a
"canonical" name for the server. With UseCanonicalName
off Apache will use the hostname and port supplied by
the client, if available.

SERVER_VERSION definition
abstracted, and server build date added

In earlier versions, the Apache server version was
available to modules through the #defined value
for SERVER_VERSION. In order to keep this value
consistent when modules and the core server are compiled at
different times, this information is now available through
the core API routine ap_get_server_version().
The use of the SERVER_VERSION symbol is
deprecated. Also, ap_get_server_built() returns
a string representing the time the core server was
linked.

A new directive, ServerTokens, allows the
Webmaster to change the value of the Server
response header field which is sent back to clients. The
ServerTokens directive controls whether the
server will include a non-specific note in the server
identity about the type of operating system on which the
server is running as well as included module information. As
of Apache 1.3, this additional information is included by
default.

Support for Netscape style SHA1 encrypted
passwords

To facilitate migration or integration of BasicAuth
password schemes where the password is encrypted using SHA1
(as opposed to Apache's built in MD5 and/or the OS specific
crypt(3) function ) passwords prefixed with with
{SHA1} are taken as Base64 encoded SHA1
passwords. More information and some utilities to convert
Netscape ldap/ldif entries can be found in support/SHA1.